EdgeSwitch software release v1.5.0


New EdgeMAX software version v1.5.0 for EdgeSwitch products (all current models ES-48-750W, ES-48-500W, ES-48-Lite, ES-24-500W, ES-24-250W, ES-24-Lite, ES-16-150W, ES-12F, and EdgePoint EP-S16) is available here:
https://dl.ubnt.com/firmwares/edgemax/EdgeSwitch/v1.5.0/ES-es48.v1.5.0.4884746.stk (SHA1: b63513c47f32db946f0eb8ad0337c7e591ebf9c3) (GPL archive)
This release includes quite a few enhancements and bug fixes based on feedback from community members (details can be found in the release notes below). Thanks everyone for reporting the issues, providing suggestions, and testing the alpha/beta releases!

[Release Notes v1.5.0]
Changelog
**Changes since v1.3.0**
Enhancements and bug fixes

  • [802.1X] As discussed on the forums earlier, there are some issues related to 802.1X in previous releases. We have been doing a more thorough review of the functions in this area and have found and fixed certain issues. Here is a summary of the current status as of this alpha release:

      • 802.1X authentication using RADIUS (Basic1): Works. This is the basic scenario without RADIUS-assigned VLANs etc., and authenticated clients are placed in the default VLAN of the port. Clients failing 802.1X authentication will not get any connectivity.

      • Basic1 plus “unauthenticated VLAN” (Basic2): Works. This is the basic scenario above plus placing clients failing 802.1X authentication into a specified unauthenticated VLAN.

      • Basic2 plus dynamically created VLAN assigned by RADIUS (RadVLAN1): Works. Clients who succeed with 802.1X authentication are placed in the VLAN assigned by the RADIUS server (the VLAN is dynamically created in this scenario). Clients failing 802.1X authentication are still placed into the specified unauthenticated VLAN, as in Basic2.

      • Basic2 plus VLAN assigned by RADIUS (RadVLAN2): Works. This is the same as RadVLAN1 except that RADIUS-assigned VLANs need to be specified in the switch’s VLAN database (no per-port config required though).

      • MAC-based authentication using RADIUS (MAC1): Works. This mode supports both 802.1X and MAC-based authentication. 802.1X authentication (using RADIUS) is attempted first, and if that fails, the switch falls back to MAC-based authentication (also using RADIUS). Clients who succeed with either authentication method are placed in the default VLAN of the port. Clients failing both authentication methods will not get any connectivity.

      • MAC1 plus non-default VLAN settings (MAC2): Currently this does not work. This includes both the unauthenticated VLAN setting in the config and the RADIUS-assigned VLAN. This means that in this mode:

          • For a client who authenticated successfully, if RADIUS assigns a VLAN, the assignment does not work and the client is placed in the port’s default VLAN instead.

          • For a client who failed authentication, if “unauthenticated VLAN” is specified in the config, the VLAN assignment does not work either, and the client is also placed in the port’s default VLAN instead.

So among the scenarios listed, “MAC2” (configuring MAC-based authentication support with non-default VLANs) is the only one that currently does not work as of this release. We are still working on this case to see if it might be feasible to fix this in the next release.

The 802.1X related issues have been discussed on the forums with quite a few community members, including @Neuer_User @SebastianT @scarab @Janne @dcoppee @Guardnet @ludozam @JeffHiggins in these threads: 1 2 3 4.

The example configs for the working scenarios listed above are provided in a separate post, and hopefully that will help people find a working setup in their own environments. Thanks everyone for testing and providing the detailed information, which has been very helpful in our effort to address these issues!

  • [System] Add “scheduled restart” feature which can be initiated from both the CLI and the Web UI. For example, the CLI command “reload in 10” will initiate a restart of the switch in 10 minutes. The current status can be seen using “show reload” and the restart can be cancelled by the command “no reload in”. The same operations (schedule/show/cancel) can be done from the Web UI “Basic > Restart Switch” page as well.

    This has previously been discussed with, for example, @jer0886 @nickwhite @jey here and here. (Note that the current implementation can only schedule a restart up to one hour in advance and we are looking into expanding that.)
  • [System] Improve handling of readings from temperature sensors and indicate unavailable readings when a sensor’s value cannot be read.
  • [System] Fix incorrect error messages for PoE module in log on non-PoE models.
  • [Flow control] Add per-port flow control configuration in the CLI. Discussed with @bmv here.
  • [CLI] Fix RADIUS server name CLI configuration to allow “.” (dot) characters (was allowed in the Web UI only). Reported by @Adze1502 here.
  • [CLI] Add “show interfaces description” command for displaying interface descriptions. Suggested by @mrjester
  • [ARP] Increase the layer-3 ARP cache size to 493 (from 238). Also decrease the ARP cache timeout to 300 seconds since the previous default (1200) is too long. Discussed with @bryanjduncan @esseph @BradleyGZ @wuudogg @seansummers @marc3k @dison4linux here and here.
  • [Proxy ARP] Fix configuration issues for Proxy ARP feature reported by SebastianT here. However, the “local proxy ARP” function does not work correctly and we are still looking into that.
  • [Web UI] Fix issue with “Security > Port Access Control > Port Details” not responding in some cases.
  • [Web UI] Change the appearance of the “Save Configuration” button when there are unsaved changes. This replaces the “pop-up” message that might block other Web UI functions. Suggested by @thrca @waheuler here.
  • [Web UI] Fix “Client ID” value handling for DHCP server pool configuration (System > Advanced Configuration > DHCP Server > Pool Configuration) to be consistent with CLI. Reported by @oondeo here.
  • [Web UI] Consolidate port channel “name” and “description” since they are redundant
  • [Web UI] Move PoE tab into “Basic” group. Suggested by and discussed with @sodabrew @NVX here.
  • [Web UI] Consolidate “port description” into the “port summary” page and remove the “port description” page, which is not very useful since it is only used to set the description.
  • [Web UI] Go to a port’s “edit dialog” on the “port summary” page when the port is clicked in the top graphics of the switch ports. Suggested by @smusd234 here.
  • [Web UI] In the VLAN wizard (Basic > VLAN), automatically change a port’s “excluded” VLANs to “tagged” when “trunk mode” is enabled for the port to match the common “trunk” semantics.
  • [Web UI] The Web UI now “remembers” the “rows per page” setting (i.e., the “Display N rows” dropdown selection) selected by the user. Suggested by @Psycho here.
  • [Web UI] Remove “idle check” on the login page when the user is not even logged in
  • [Web UI] Further update the error message when enabling SSH/HTTPS without key/certificate to make it more clear
  • [Web UI] Fix handling of certain characters on “System > Logs > Buffered Log” page.
  • [Web UI] Fix handling of certain characters in SNMP community name. Name validation is now consistent between CLI and Web UI. Reported by @adamboutcher here.
  • [Web UI] Fix name configuration on “Switching > Spanning Tree > Switch” page. Reported by @AFlow (who also provided key information leading to the fix) here.
  • [Web UI] Improve the loading speed of VLAN configuration page (“Basic > VLAN”) when there are many (e.g., hundreds) VLANs configured. Issue reported by @UBNT-Salvador
  • [Web UI] Clarify PoE output text for ports configured for passive PoE output.
  • [Web UI] Implement progress bar for firmware upgrade. Suggested by and discussed with @mrafamily9410 @rjh2805 here and here.
  • [Web UI] Change “focus” behavior on firmware upgrade page so that the upload button does not look like it is “disabled” by default. Discussed with rjh2805 @czechu here.
  • [Web UI] Fix default email alert “from address” so that it does not generate an error by default. Discussed with @Psychor @flipper @bwstuart here.
  • [Web UI] Change email address validation to allow “+” character. Suggested by and discussed with @subseven-group esseph here.
  • [Web UI] Fix Basic menu for Lite models which was showing PoE tab (incorrectly) and also causing all tabs to the right to be shifted by one. Reported by @defiant @Think-Networks rjh2805 here and here.
  • [Web UI] (EP-S16 only) Add Dashboard display for input power monitoring status/stats (two PoE inputs and one DC input).
  • [Web UI] Add per-port flow control configuration to “Basic > Port Summary” page.
  • [Web UI] Fix JavaScript error on VLAN wizard page when any port description contains single-quote character. Reported by @stevenharman here.
  • [Web UI] Remove “local proxy ARP” entry on the “Routing > IP > Interface Configuration” page after confirming with vendor that it is not supported by the current platform. Reported by SebastianT here.
  • [Web UI] Fix one case where the Web UI would display “config changed” notification when nothing changed. This has been reported by and discussed with community members, for example rjh2805 @final @psydafke @jeremyk @pauld @Solideco here and here. As mentioned, there are actually multiple triggers that could cause the notification, and the fix in this release only addresses one of them. The other fixes will be in the release after 1.5.
  • [SNMP] Fix SNMP query result for LLDP remote management address which was “reversed”. Reported by @lbegnaud here.